We have RT set up to check 3 AD servers...the theory is that if one is
down, it will try the next one. Unfortunately this does not seem to be
the case...if the first AD server isn't responding to LDAP queries, the
login just fails. Attached is the section of our config file relating
to ExternalAuth. Any ideas why it's failing after just one attempt, or
is that how the ExternalAuth extension is supposed to work?
Set($ExternalAuthPriority, [ 'LDAP1', 'LDAP2', 'LDAP3' ] );
Set($ExternalInfoPriority, [ 'LDAP1', 'LDAP2', 'LDAP3' ] );
Set($ExternalSettings,
{'LDAP1' =>
{
'type' => 'ldap',
'auth' => 1,
'info' => 1,
'server' => 'server1',
'user' => 'user',
'pass' => 'password',
'base' => 'ou=base',
'filter' => '(objectClass=*)',
'd_filter' => '(objectClass=ThisWillNeverMatch)',
'tls' => 1,
'group' => '',
'group_attr' => '',
'attr_match_list' => [ 'Name',
'EmailAddress',
'RealName',
'WorkPhone',
'Address2'
],
'attr_map' => { 'Name' => 'sAMAccountName',
'EmailAddress' => 'mail',
'Organization' => 'physicalDeliveryOfficeName',
'RealName' => 'cn',
'ExternalAuthId' => 'sAMAccountName',
'Gecos' => 'sAMAccountName',
'WorkPhone' => 'telephoneNumber',
'Address1' => 'streetAddress',
'City' => 'l',
'State' => 'st',
'Zip' => 'postalCode',
'Country' => 'co'
}
}
},
{'LDAP2' =>
{
'type' => 'ldap',
'auth' => 1,
'info' => 1,
'server' => 'server2',
'user' => 'user',
'pass' => 'password',
'base' => 'ou=base',
'filter' => '(objectClass=*)',
'd_filter' => '(objectClass=ThisWillNeverMatch)',
'tls' => 1,
'group' => '',
'group_attr' => '',
'attr_match_list' => [ 'Name',
'EmailAddress',
'RealName',
'WorkPhone',
'Address2'
],
'attr_map' => { 'Name' => 'sAMAccountName',
'EmailAddress' => 'mail',
'Organization' => 'physicalDeliveryOfficeName',
'RealName' => 'cn',
'ExternalAuthId' => 'sAMAccountName',
'Gecos' => 'sAMAccountName',
'WorkPhone' => 'telephoneNumber',
'Address1' => 'streetAddress',
'City' => 'l',
'State' => 'st',
'Zip' => 'postalCode',
'Country' => 'co'
}
}
},
{'LDAP3' =>
{
'type' => 'ldap',
'auth' => 1,
'info' => 1,
'server' => 'server3',
'user' => 'user',
'pass' => 'password',
'base' => 'ou=base',
'filter' => '(objectClass=*)',
'd_filter' => '(objectClass=ThisWillNeverMatch)',
'tls' => 1,
'group' => '',
'group_attr' => '',
'attr_match_list' => [ 'Name',
'EmailAddress',
'RealName',
'WorkPhone',
'Address2'
],
'attr_map' => { 'Name' => 'sAMAccountName',
'EmailAddress' => 'mail',
'Organization' => 'physicalDeliveryOfficeName',
'RealName' => 'cn',
'ExternalAuthId' => 'sAMAccountName',
'Gecos' => 'sAMAccountName',
'WorkPhone' => 'telephoneNumber',
'Address1' => 'streetAddress',
'City' => 'l',
'State' => 'st',
'Zip' => 'postalCode',
'Country' => 'co'
}
}
}
);
